Security firms have warned hackers could use radio signals to attack pacemakers and other medical implants, potentially killing people.
Researchers from McAfee have shown they can take control of insulin pumps implanted inside diabetes patients, while scientists at the University of Massachussetts have shown they can use radio attacks to turn off defibrillators inside heart patients.
The problem is that the security on the radio link is breakable, and the implants’ operation can be remotely over-ridden.
Barnaby Jack, of Intel security subsidiary McAfee, has shown he can interfere with insulin pumps, by overriding their radio control. The pumps hold 300 units of insulin, enough for about 45 days, and are refilled by a syringe. Jack showed he could get the pumps to empty their reservoir completely in one go – which would cause very severe hypglycaemia (low blood sugar level). The pump has a vibrating alert when it is delivering insulin, and Jack managed to override this also, making the attack potentially deadly.
“We can influence any pump within a 300ft [91m] range,” Jack told the BBC. McAfee has previously announced products to secure embedded devices, which could include implants.
Attacks on surgical implants have been known about for some time. A group of researchers from the University of Massachussetts published a paper in 2008 dealing with attacks on implanted defibrillators, and ways to defend against them. Defibrillators are switched on using a specific radio signal when they are implanted and a hacker that captured this signal could use it to switch the implant off.
These attacks are hard to block because implants are powered by batteries. Adding features such as encryption would increase their power demands and reduce the time they would remain working, so patients would have to undergo surgery sooner to replace the batteries.
Think you know security? Test yourself with our quiz.
Boeing Starliner space capsule set for first crewed flight into orbit after years of delays,…
Google clashes with US Justice Department in closing arguments as government argues Google used illegal…
Prominent Stanford University AI scientist Fei-Fei Li reportedly completes funding round for start-up based on…
Apple shares surge on optimism that new AI-focused hardware launches will drive renewed sales, starting…
Biden vetoes Republican-backed measure amidst dispute over 'joint employer' status for contract workers, affecting tech…
Lawyers in US social media addiction action say strict controls on Douyin in China show…
View Comments
hypoglycemia
It would help if the devices were identified. I am not familiar with pumps that hold 45 days worth of insulin? Insulin should be kept cool, and the ones that I am familiar with only hold about 3 days.
Uh, 300 units over 45 days is only 6.66 units per day. That is about one eighth to one thirteenth of the normal amount of insulin required by adults over the course of a day. I take 70 to 80 units per day and have for years - and that's not uncommon for a type 1 diabetic.
It's still a risk - I wouldn't want to get three days worth of insulin in a couple of minutes. That could make the rest of the day very rough at best!
News writers should reality check their numbers - 6.6 units might be OK for an experimental animal, but not for adult humans.
Thanks for your comments.
We are planning to talk directly to Barnaby Jack and will nail down what kind of pump he actually worked with.
Peter
There are implantable pumps and they use concentrated insulin. See http://lukesdday.wordpress.com/2011/04/26/implanted-insulin-pump/
That said, I share concern for the non-implantable variety, too.
Potentially, anything connected can be hacked.
This is nothing more than propaganda to throw a dark cloud over "hacktivists".
I think I'm going to start manufacturing wearable Farraday cages.